The Criminal Investigation Department (CID) has launched an investigation into the recent cyber attack which resulted in the loss of email data linked to multiple government offices using the “gov.lk” email domain.

The investigation has reportedly been initiated according to a notification made by the Acting Minister of Technology and Investment Promotion Kanaka Herath.

The Acting Minister also pointed out that a report has been called from the Information and Communication Technology Agency (ICTA) and the Sri Lanka Computer Emergency Readiness Team (SLCERT) regarding the cyber attack.

The ICTA officially confirmed a severe data loss incident affecting all government offices including the Cabinet Office using the “gov.lk” email domain on September 10, which is believed to have been caused by a large-scale ransomware attack between 17 May and 26 August 26.

Approximately 5,000 email addresses were impacted by the ransomware attack, ICTA reported, adding that as there was neither an offline nor online backup system for a critical period of two months, several emails that were lost due to the attack are now irrecoverable.

Accordingly, in response to this incident, ICTA has decided to institute a daily offline backup process, while the relevant application process will also be upgraded to the latest version with enhanced defences against virus attacks.

Meanwhile, efforts to recover the lost data are currently underway by both ICTA and the Sri Lanka Computer Emergency Readiness Team (SLCERT).

Meanwhile, SLCERT has also warned the public of a phishing scam specifically targeting Sri Lankan nationals.